Vulnerability in Larry_wall Perl
CVE-2005-0448
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.
EPSS: 0.004 (30.3th percentile) — read the EPSS interpretation.
Affected products
- Larry_wall Perl — versions 5.8.0, 5.8.1, 5.8.3
- N/a — versions n/a
Public proof-of-concept exploits
References
- security@debian.org (vendor-advisory, Patch, x_refsource_DEBIAN, Vendor Advisory)
- security@debian.org (x_refsource_HP, vendor-advisory)
- security@debian.org (x_refsource_REDHAT, vendor-advisory)
- security@debian.org (vendor-advisory, x_refsource_MANDRIVA)
- security@debian.org (x_refsource_SECUNIA, third-party-advisory)
- security@debian.org (x_refsource_SECUNIA, third-party-advisory)
- security@debian.org (vdb-entry, x_refsource_BID)
- security@debian.org (vendor-advisory, x_refsource_CONECTIVA)
- security@debian.org (x_refsource_OVAL, signature, vdb-entry)
- security@debian.org (x_refsource_FEDORA, vendor-advisory)
Frequently asked questions
- What is CVE-2005-0448?
- CVE-2005-0448 is a vulnerability in Larry_wall Perl. Published 2005-05-02.
- Is CVE-2005-0448 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.